CVE-2020-15061
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values...
CVE-2020-15055
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
CVE-2020-15057
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:1155-1 Rating: important References: 1174538 Cross-References: CVE-2020-15652 CVE-2020-15653 CVE-2020-15654 CVE-2020-15655 CVE-2020-15656 CVE-2020-15657 CVE-2020-15658 CVE-2020-15659 CVE-2020-6463...
DRUPAL-CONTRIB-2020-033
The Group module enables you to hand out permissions on a smaller subset, section or community of your website. Under very specific circumstances, where two group types support the same content, yet hand out different permissions, non-members of the first group type may use the set of permissions...
CVE-2020-15135
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading, so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
Cross site request forgery (csrf)
save-server npm package before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (tokens etc.). The fix introduced in version 1.05 unintentionally breaks uploading, so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-15135
The CVE-2020-15135 entry concerns the save-server npm package, where versions before 1.05 are vulnerable to CSRF due to no CSRF mitigation. The issue enables an attacker, via a malicious site, to perform actions like uploading/deleting files, adding redirects, and potentially managing users if the...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1)
This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 78.1.0 ESR - Fixed: Various stability, functionality, and security fixes bsc1174538 - CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker - CVE-2020-6514: WebRTC data chann...
Apple Safari Reader Component Logic Flaw Vulnerability
Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. Safari Reader is one of the reader components... A security vulnerability exists in the Safari Reader component in Apple Safari versions prior to 13.1.2, iOS versions...
Unspecified Vulnerability in SolarWinds Serv-U FTP Server (CNVD-2021-17779)
SolarWinds Serv-U File Server is a file transfer server from SolarWinds USA. A security vulnerability exists in SolarWinds Serv-U File Server versions prior to 15.2.1, which stems from the program's failure to properly handle the Same-Site cookie attribute. The vulnerability can be exploited by a...
Microsoft Edge (Chromium) < 80.0.361.66 Insufficient Policy Enforcement
The version of Microsoft Edge Chromium installed on the remote Windows host is prior to 80.0.361.66. It is, therefore, affected by an insufficient policy enforcement vulnerability. An unauthenticated, remote attacker can exploit this, via a crafted HTML page, to bypass same-origin policy. Note th...
CVE-2020-15574
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893...
Design/Logic Flaw
SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893...
CVE-2020-15574
CVE-2020-15574 affects SolarWinds Serv-U File Server prior to 15.2.1. The root cause is mishandling of the Same-Site cookie attribute, leading to potential exposure of sensitive information via crafted requests. Multiple sources (NVD, Red Hat advisory, CNVD) confirm the same issue and reference t...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...